Migrate to systemd-networkd
parent
5da50e5290
commit
39ff4ee9e8
|
@ -105,7 +105,11 @@ with pkgs;
|
||||||
|
|
||||||
# Specify secrets
|
# Specify secrets
|
||||||
age = {
|
age = {
|
||||||
secrets.wireguard.file = secrets/wireguard.age;
|
secrets.wireguard = {
|
||||||
|
file = secrets/wireguard.age;
|
||||||
|
owner = "systemd-network";
|
||||||
|
group = "systemd-network";
|
||||||
|
};
|
||||||
secrets.syncthing.file = secrets/syncthing.age;
|
secrets.syncthing.file = secrets/syncthing.age;
|
||||||
secrets.msmtp.file = secrets/msmtp.age;
|
secrets.msmtp.file = secrets/msmtp.age;
|
||||||
secrets.gitea = {
|
secrets.gitea = {
|
||||||
|
|
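Review bot: The WireGuard private key now gets owner and group `systemd-network` but no explicit mode, so how widely it is readable rests on agenix's default file mode rather than on anything stated here. Pinning it with `mode = "0400";` next to `group` makes the intent explicit and keeps the key owner-only even if that default changes; with an owner-only mode the `group` line adds nothing and could be dropped. A short comment such as `# networkd reads PrivateKeyFile as the systemd-network user, so the key must be owned by it` would tie the ownership change to the wg0 netdev that consumes the file, which lives in another hunk.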
|
@ -3,23 +3,24 @@
|
||||||
let wireguard_port = 1194;
|
let wireguard_port = 1194;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
# Assign a static IP
|
# Enable systemd-networkd
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "zion";
|
hostName = "zion";
|
||||||
hostId = "4e74ea68";
|
hostId = "4e74ea68";
|
||||||
interfaces.eth0 = {
|
useDHCP = false;
|
||||||
useDHCP = false;
|
useNetworkd = true;
|
||||||
ipv4.addresses = [{
|
dhcpcd.enable = false;
|
||||||
address = "192.168.13.2";
|
};
|
||||||
prefixLength = 24;
|
systemd.services."systemd-networkd-wait-online".enable = false;
|
||||||
}];
|
|
||||||
};
|
# Assign a static IP
|
||||||
defaultGateway = {
|
systemd.network.networks."24-home" = {
|
||||||
address = "192.168.13.1";
|
name = "eth0";
|
||||||
interface = "eth0";
|
matchConfig.Name = "eth0";
|
||||||
};
|
address = [ "192.168.13.2/24" ];
|
||||||
nameservers = [ "51.158.108.203" "137.220.55.93" ];
|
gateway = [ "192.168.13.1" ];
|
||||||
enableIPv6 = false;
|
dns = [ "51.158.108.203" "137.220.55.93" ];
|
||||||
|
networkConfig.DNSSEC = "no";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable zeroconf
|
# Enable zeroconf
|
||||||
|
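Review bot: The removed `enableIPv6 = false;` has no counterpart in the new `24-home` network, so unless it is set elsewhere IPv6 is no longer disabled on this host: `networking.enableIPv6` defaults to true, and per the systemd.network documentation a non-bridge interface without forwarding accepts router advertisements by default, so eth0 may now acquire a global IPv6 address and routes that none of the IPv4-only nameserver and gateway settings here account for. If IPv4-only is still the intent, keep `networking.enableIPv6 = false;` and add `networkConfig.IPv6AcceptRA = false;` beside `DNSSEC`. `networkConfig.DNSSEC = "no";` also deserves a one-line comment stating why validation is turned off, since disabling it is a deliberate downgrade that a later reader will want justified.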
@ -61,38 +62,47 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable NAT for wireguard
|
# Wireguard setup
|
||||||
networking.nat = {
|
systemd.network.netdevs."wg0" = {
|
||||||
enable = true;
|
netdevConfig = {
|
||||||
externalInterface = "eth0";
|
Kind = "wireguard";
|
||||||
internalInterfaces = [ "wg0" ];
|
Name = "wg0";
|
||||||
|
};
|
||||||
|
wireguardConfig = {
|
||||||
|
ListenPort = wireguard_port;
|
||||||
|
PrivateKeyFile = config.age.secrets.wireguard.path;
|
||||||
|
};
|
||||||
|
wireguardPeers = [
|
||||||
|
# panacea
|
||||||
|
{
|
||||||
|
wireguardPeerConfig = {
|
||||||
|
PublicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
|
||||||
|
AllowedIPs = [ "10.8.0.2/32" ];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
# caravanserai
|
||||||
|
{
|
||||||
|
wireguardPeerConfig = {
|
||||||
|
PublicKey = "eeKfAgMisM3K4ZOErev05RJ9LS2NLqL4x9jyi4XhM1Q=";
|
||||||
|
AllowedIPs = [ "10.8.0.3/32" ];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Wireguard setup
|
systemd.network.networks."wg0" = {
|
||||||
networking.wireguard.interfaces = {
|
matchConfig.Name = "wg0";
|
||||||
wg0 = {
|
networkConfig = {
|
||||||
ips = [ "10.8.0.1/24" ];
|
Address = "10.8.0.1/24";
|
||||||
listenPort = wireguard_port;
|
IPForward = true;
|
||||||
privateKeyFile = config.age.secrets.wireguard.path;
|
IPMasquerade = "ipv4";
|
||||||
peers = [
|
|
||||||
# panacea
|
|
||||||
{
|
|
||||||
publicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
|
|
||||||
allowedIPs = [ "10.8.0.2/32" ];
|
|
||||||
}
|
|
||||||
# caravanserai
|
|
||||||
{
|
|
||||||
publicKey = "eeKfAgMisM3K4ZOErev05RJ9LS2NLqL4x9jyi4XhM1Q=";
|
|
||||||
allowedIPs = [ "10.8.0.3/32" ];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# DNS server with ad-block
|
# DNS server with ad-block
|
||||||
services.dnsmasq = {
|
services.dnsmasq = {
|
||||||
enable = true;
|
enable = true;
|
||||||
servers = config.networking.nameservers;
|
servers = config.systemd.network.networks."24-home".dns;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
domain-needed
|
domain-needed
|
||||||
bogus-priv
|
bogus-priv
|
||||||
|
|
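Review bot: `IPForward = true` in the wg0 network is, per the systemd.network documentation, a system-wide toggle of the kernel forwarding sysctl rather than a per-interface one, and nothing in this hunk filters what forwarded peer traffic may reach; the old `networking.nat` block was likewise unfiltered, so this is not a regression, but it should be recorded. A comment above it such as `# IPForward is global in networkd; peers can reach anything this host routes to, add a forward filter to restrict` would do. `IPMasquerade = "ipv4"` appears to be keyed on wg0's source subnet rather than on an egress interface as the old `externalInterface = "eth0"` was, which is equivalent with a single uplink but would silently widen the NAT if a second interface is added, so the comment should note that too.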